OpenAI Trusted Access for Cyber

OpenAI said on April 14 it is widening a gated cybersecurity program and adding access to a specialized model called GPT‑5.4‑Cyber for vetted defenders. (openai.com) The company said Trusted Access for Cyber will now cover “thousands” of verified individual defenders and “hundreds” of teams that protect critical software. OpenAI said GPT‑5.4‑Cyber is a fine-tuned variant of GPT‑5.4 built to be more permissive for defensive security work. (openai.com) Cybersecurity work often uses the same skills as an attack: finding flaws, testing systems, and analyzing malicious code. OpenAI said that overlap has made ordinary safety filters block some legitimate security work, so the program uses identity checks and trust reviews to decide who gets broader access. (openai.com) OpenAI has been tightening cyber safeguards as its models improved. In a December 10, 2025 post, the company said internal capture-the-flag results rose from 27% on GPT‑5 in August 2025 to 76% on GPT‑5.1‑Codex‑Max in November 2025, and it said newer models could reach “High” cybersecurity capability under its Preparedness Framework. (openai.com) That framing carried into GPT‑5.4. In its March 5, 2026 system card, OpenAI said GPT‑5.4 Thinking was the first general-purpose model in the GPT‑5 line with mitigations for “High” cybersecurity capability, including training to refuse requests involving malware creation, credential theft, and chained exploitation. (openai.com) Trusted Access for Cyber itself is new. OpenAI launched the pilot on February 5, 2026, describing it as an identity- and trust-based framework for defensive users, and said at the time it would commit $10 million in application programming interface credits to speed up cyber defense work. (openai.com) The company has been building toward this for several years. OpenAI launched a Cybersecurity Grant Program in June 2023, then updated it on February 5, 2026 to focus on larger-scale deployment for defenders, with example uses including incident triage, vulnerability patching, malware reverse engineering, and threat intelligence. (openai.com) GPT‑5.4‑Cyber is not being released as a normal public model. OpenAI said the access path is for verified professionals and teams, and said enterprises can request the program through a Trusted Access for Cyber application tied to specific defensive use cases such as penetration testing, red teaming, vulnerability assessment, malware reverse engineering, and cryptographic research. (openai.com) The immediate next step is not a mass rollout but a controlled one. OpenAI said it is preparing for “increasingly more capable models” in the coming months and wants cyber access, safeguards, and defender support to expand in step with those capabilities. (openai.com)